Analysis
-
max time kernel
138s -
max time network
155s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231215-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20231215-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
18/02/2024, 04:35
Behavioral task
behavioral1
Sample
fd34d0e2c8ec5312902f8634852f4d564e64787bc83125bedc32b81776b7c24c.elf
Resource
ubuntu1804-amd64-20231215-en
ubuntu-18.04-amd64
3 signatures
150 seconds
General
-
Target
fd34d0e2c8ec5312902f8634852f4d564e64787bc83125bedc32b81776b7c24c.elf
-
Size
93KB
-
MD5
e80f330e22f89b4dcb858595b6c05868
-
SHA1
07b3b3447d537651f43db1afdb08a13f7ad512f7
-
SHA256
fd34d0e2c8ec5312902f8634852f4d564e64787bc83125bedc32b81776b7c24c
-
SHA512
0a843a51a09c8c143340b831e9714d9bfefa0347398d2ea2112a535ce11a787d7c0df9b125b3e3541740f0888b6575660c5747c57952383aed760275ca62fde9
-
SSDEEP
1536:VCuLcw/F/nVBysNdiu7RjKoaXKn7Tfr4qcm0TyNTWuQn/E6uTuSsRXtZ:Lcw/F/VssNdioKBX87TfjBayQuQRY3AZ
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description pid Process Changes the process name, possibly in an attempt to hide itself 1561 fd34d0e2c8ec5312902f8634852f4d564e64787bc83125bedc32b81776b7c24c.elf -
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
description ioc File opened for reading /proc/632/cmdline File opened for reading /proc/1005/cmdline File opened for reading /proc/1325/cmdline File opened for reading /proc/20/cmdline File opened for reading /proc/161/cmdline File opened for reading /proc/167/cmdline File opened for reading /proc/169/cmdline File opened for reading /proc/510/cmdline File opened for reading /proc/1083/cmdline File opened for reading /proc/1152/cmdline File opened for reading /proc/456/cmdline File opened for reading /proc/524/cmdline File opened for reading /proc/953/cmdline File opened for reading /proc/1287/cmdline File opened for reading /proc/16/cmdline File opened for reading /proc/315/cmdline File opened for reading /proc/437/cmdline File opened for reading /proc/166/cmdline File opened for reading /proc/168/cmdline File opened for reading /proc/562/cmdline File opened for reading /proc/1434/cmdline File opened for reading /proc/1564/cmdline File opened for reading /proc/12/cmdline File opened for reading /proc/80/cmdline File opened for reading /proc/413/cmdline File opened for reading /proc/84/cmdline File opened for reading /proc/197/cmdline File opened for reading /proc/18/cmdline File opened for reading /proc/25/cmdline File opened for reading /proc/1114/cmdline File opened for reading /proc/19/cmdline File opened for reading /proc/163/cmdline File opened for reading /proc/635/cmdline File opened for reading /proc/1124/cmdline File opened for reading /proc/165/cmdline File opened for reading /proc/1053/cmdline File opened for reading /proc/1136/cmdline File opened for reading /proc/1146/cmdline File opened for reading /proc/1157/cmdline File opened for reading /proc/1183/cmdline File opened for reading /proc/1352/cmdline File opened for reading /proc/1375/cmdline File opened for reading /proc/10/cmdline File opened for reading /proc/153/cmdline File opened for reading /proc/423/cmdline File opened for reading /proc/588/cmdline File opened for reading /proc/1285/cmdline File opened for reading /proc/1550/cmdline File opened for reading /proc/1558/cmdline File opened for reading /proc/24/cmdline File opened for reading /proc/430/cmdline File opened for reading /proc/1299/cmdline File opened for reading /proc/1539/cmdline File opened for reading /proc/1088/cmdline File opened for reading /proc/98/cmdline File opened for reading /proc/154/cmdline File opened for reading /proc/160/cmdline File opened for reading /proc/164/cmdline File opened for reading /proc/542/cmdline File opened for reading /proc/642/cmdline File opened for reading /proc/1077/cmdline File opened for reading /proc/1181/cmdline File opened for reading /proc/1555/cmdline File opened for reading /proc/1556/cmdline